v0.3.1: enable plugin webapp + case-insensitive bearer
- Add webapp: true to maubot.yaml — without it, @web.post decorators are silently ignored and plugin webhook URLs return 404 - Match Authorization scheme case-insensitively (Seerr's UI lowercases 'Bearer' on save)
This commit is contained in:
parent
e1a7aa7b5b
commit
64b86c7c3f
2 changed files with 6 additions and 3 deletions
|
|
@ -1,6 +1,6 @@
|
||||||
maubot: 0.3.1
|
maubot: 0.3.1
|
||||||
id: com.3ddbrewery.media
|
id: com.3ddbrewery.media
|
||||||
version: 0.3.0
|
version: 0.3.1
|
||||||
license: MIT
|
license: MIT
|
||||||
modules:
|
modules:
|
||||||
- media_bot
|
- media_bot
|
||||||
|
|
@ -9,3 +9,4 @@ config: true
|
||||||
extra_files:
|
extra_files:
|
||||||
- base-config.yaml
|
- base-config.yaml
|
||||||
database: false
|
database: false
|
||||||
|
webapp: true
|
||||||
|
|
|
||||||
|
|
@ -918,8 +918,10 @@ class MediaBot(Plugin):
|
||||||
async def seerr_webhook(self, req: Request) -> Response:
|
async def seerr_webhook(self, req: Request) -> Response:
|
||||||
secret = self.config["seerr_webhook_secret"] or ""
|
secret = self.config["seerr_webhook_secret"] or ""
|
||||||
if secret:
|
if secret:
|
||||||
auth = req.headers.get("Authorization", "")
|
# Case-insensitive scheme per RFC 7235 — Seerr's UI lowercases "Bearer"
|
||||||
if auth != f"Bearer {secret}":
|
auth = (req.headers.get("Authorization") or "").strip()
|
||||||
|
scheme, _, token = auth.partition(" ")
|
||||||
|
if scheme.lower() != "bearer" or token != secret:
|
||||||
self.log.warning("Seerr webhook bad auth from %s", req.remote)
|
self.log.warning("Seerr webhook bad auth from %s", req.remote)
|
||||||
return Response(status=401, text="unauthorized")
|
return Response(status=401, text="unauthorized")
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue